Hello, I suspect there is a virus on my machine. Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:17:38, on 29/5/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Boot Camp\Bootcamp.exe
C:\Arquivos de programas\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\ARQUIV~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe
C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Administrador\Dados de aplicativos\Spotify\Data\SpotifyWebHelper.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Origin\Origin.exe
C:\Arquivos de programas\CCleaner\CCleaner.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Meus documentos\Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dt-updates.com/activate?query=Va3iJdhNsU6O5sLKX87violRmBpNw2lrlIvsSDxP764IxWYOlgKrcvz4vjMQBoZ6I5qowDLzt15T0iKKyATiO8UWVJ38aSSc4bKW44ZhthrR5pHEAtKdXDBs9%2bJptMjFgqajCSZfw6oC6hS5wcQ3zjdLRXnmcvkQvUU6BZoq2t5BPKOR0%2fz7KAMNrZf%2fDjoXXc4ff8f8krP6kvqmLyf3M%2fYM0HDcieawt7loyaRrd1qG3A1Ij4IcNXsWGJS2Vct9u7lJnY2ALGhRaZ7cyJXHEdXtUXbIZdDCnYisW2%2fc9HI%3d
O2 - BHO: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\ARQUIV~1\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\ARQUIV~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: DataMngr - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\ARQUIV~1\IMESHA~1\MediaBar\Datamngr\BROWSE~1.DLL
O3 - Toolbar: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\ARQUIV~1\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\ARQUIV~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Arquivos de programas\Boot Camp\Bootcamp.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Arquivos de programas\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [DATAMNGR] C:\ARQUIV~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [spotify Web Helper] "C:\Documents and Settings\Administrador\Dados de aplicativos\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Free] 0
O4 - HKCU\..\RunOnce: [!SearchquDSCR] C:\WINDOWS\system32\RUNDLL32.EXE C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\INSTAL~1.DLL,_SetChromeDS http://dts.search-results.com/sr?src=crb&appid=0&systemid=417&sr=0&q={searchTerms},Search Results,r,
O4 - HKCU\..\RunOnce: [!SearchquCRHP] C:\WINDOWS\system32\RUNDLL32.EXE C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\INSTAL~1.DLL,_SetChromeHP http://www.searchnu.com/417,
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\ARQUIV~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\ARQUIV~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\ARQUIV~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Serviço de Tempo da Apple (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe
--
End of file - 10307 bytes
Thank you for the reply.
Here are the reports:
*** [services] ***
*** [Files / Folders] ***
Folder Deleted : C:\Documents and Settings\Administrador\Dados de aplicativos\Searchqutoolbar
Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\boost_interprocess
File Deleted : C:\Arquivos de programas\Mozilla FireFox\searchplugins\Search_Results.xml
*** [Registry] ***
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\SearchquMediabarTb
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wincore MediaBar
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
*** [Registre - GUID] ***
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E2E2DD38-D088-4134-82B7-F2BA38496583}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
*** [internet Browsers] ***
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
*************************
AdwCleaner[s1].txt - [4028 octets] - [31/05/2012 21:27:32]
########## EOF - C:\AdwCleaner[s1].txt - [4156 octets] ##########
Good evening! logan_pa
---\\ Crack & Keygen Files (CKF) (O82)
F:\Users\andrecrins\Desktop\Keygen-CORE\CORE10k.EXE
////
|- Warning! Cracks and/or keygens can compromise the security of your computer.
-/-
|- Download: < SFT > ( ... by Pierre13 )
|- Save it to the desktop!
|- Run it and wait for it to finish, which is quick, and post the report! ( SFT.txt )
##########
Rapport de SFT (Pierre13) du Mardi 03 Avril 2012 à 11:15:32
Mis à jour le 25/03/2012
Outil lancé en Mode normal et En tant qu'administrateur
Windows 7 Service Pack 1 (32 bits)
192 éléments supprimés => 167.05 Mo libérés.
##########
|- PS: Because of the size of the report, do not post it directly!
-/-
|- Close any programs/folders that are open.
|- Also close the browser!
|- On Windows Vista, disable UAC.
|- Double-click ZHPFix.
|- Select and copy this information, which is in red, into Notepad.
////
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Orphean Key
O4 - HKCU\..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Free] Orphean Key
O4 - HKUS\S-1-5-21-1177238915-562591055-2147114589-500\..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Free] Orphean Key
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-562591055-2147114589-500Core.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-562591055-2147114589-500UA.job
**[MD5.00000000000000000000000000000000] [APT] [GoogleUpdateTaskUserS-1-5-21-1177238915-562591055-2147114589-500Core] (...) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe (.not file.)**
**[MD5.00000000000000000000000000000000] [APT] [GoogleUpdateTaskUserS-1-5-21-1177238915-562591055-2147114589-500UA] (...) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe (.not file.)**
O51 - MPSK:{cb65c2e6-04d9-11e1-8695-002500d255cc}\AutoRun\command. (...) -- G:\LaunchU3.exe (.not file.)
[HKLM\Software\Classes\iMeshIEHelper.DNSGuard]
[HKLM\Software\Classes\iMeshIEHelper.DNSGuard.1]
[HKLM\Software\Classes\TypeLib\{A147AA03-820F-4A0F-9F34-D6CB4004A2F9}]
[HKCU\Software\iMesh]
[HKLM\Software\iMeshMediabarTB]
C:\Arquivos de programas\iMesh Applications
C:\Arquivos de programas\Searchqu Toolbar
emptytemp
emptyflash
firewallraz
sysrestore
////
|- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"
|- Minimize Notepad.
|- Click the "Paste ClipBoard" menu.
|- Click "GO" -> Oui.
|- PS: Above is a sequence of images for further clarification.
|- Post the report: C:\ZHP\ZHPFix[R1].txt
Regards!
Rapport de ZHPFix 1.2.06 par Nicolas Coolman, Update du 17/05/2012
Fichier d'export Registre :
Run by Administrador at 1/6/2012 16:21:51
Windows XP Professional Service Pack 3 (Build 2600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Web site : http://nicolascoolman.skyrock.com/
========== Registry Key ==========
DELETED Key*: CLSID BHO: {5C255C8A-E604-49b4-9D64-90988571CECB}
DELETED CLSID MPSK: {cb65c2e6-04d9-11e1-8695-002500d255cc}
DELETED Key*: HKLM\Software\Classes\iMeshIEHelper.DNSGuard
DELETED Key*: HKLM\Software\Classes\iMeshIEHelper.DNSGuard.1
DELETED Key*: HKLM\Software\Classes\TypeLib\{A147AA03-820F-4A0F-9F34-D6CB4004A2F9}
DELETED Key*: HKCU\Software\iMesh
DELETED Key*: HKLM\Software\iMeshMediabarTB
========== Registry Value ==========
DELETED RunValue: Wisdom-soft AutoScreenRecorder 3.1 Free
NOT FOUND RunValue: Wisdom-soft AutoScreenRecorder 3.1 Free
DELETED FirewallRaz (SP) : C:\Arquivos de programas\Steam\Steam.exe
DELETED FirewallRaz (SP) : C:\Documents and Settings\All Users\Desktop\HL2\hl2.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\KONAMI\Pro Evolution Soccer 2010\pes2010.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\Team Fortress 2\hl2.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\Raptr\raptr.exe
DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe
DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe
DELETED FirewallRaz (DP) : C:\Arquivos de programas\iMesh Applications\iMesh\iMesh.exe
No Value in Firewall Exception Register Key (FirewallRaz)
========== Repertory ==========
DELETED Folder: c:\arquivos de programas\imesh applications
DELETED Folder: c:\arquivos de programas\searchqu toolbar
DELETED Window Temporary:
DELETED Flash Cookies:
========== File ==========
DELETED File: c:\windows\tasks\googleupdatetaskusers-1-5-21-1177238915-562591055-2147114589-500core.job
DELETED File: c:\windows\tasks\googleupdatetaskusers-1-5-21-1177238915-562591055-2147114589-500ua.job
DELETED Window Temporary:
DELETED Flash Cookies:
========== Task ==========
DELETED Task: GoogleUpdateTaskUserS-1-5-21-1177238915-562591055-2147114589-500Core
DELETED Task: GoogleUpdateTaskUserS-1-5-21-1177238915-562591055-2147114589-500UA
========== Restoration ==========
Restore System Point created succefully
========== Summary ==========
7 : Registry Key
11 : Registry Value
4 : Repertory
4 : File
2 : Task
1 : Restoration
End of clean in 00mn 21s
========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 1/6/2012 16:21:51 [2554]
Good afternoon! logan_pa
|- Did you forget to post the report from the SFT tool?
-/-/-
|- Download: < OTL > ( ... by OldTimer Tools )
|- Click Save!
|- Save it to the desktop!
|- Double-click OTL.exe -> Run.
|- Run OTL in its quick scan. ( Quick scan )
|- PS: On Windows 7, right-click and run it as "Administrator".
|- Copy and post the report. ( C:\_OTM\MovedFiles\xxxx2012_xxxxxx.log )
|- Skip the "Extras" report.
Regards!
OTL logfile created on: 3/6/2012 00:50:21 - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Administrador\Meus documentos\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy
2,73 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 71,50% Memory free
4,57 Gb Paging File | 3,78 Gb Available in Paging File | 82,83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 35,85 Gb Total Space | 12,62 Gb Free Space | 35,20% Space Free | Partition Type: NTFS
Drive F: | 112,88 Gb Total Space | 21,18 Gb Free Space | 18,76% Space Free | Partition Type: HFS
Computer Name: TIODEIMAC | User Name: Administrador | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/06/03 00:50:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Meus documentos\Downloads\OTL.exe
PRC - [2012/06/01 16:25:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Arquivos de programas\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/06/01 16:25:33 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Arquivos de programas\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/05/22 22:56:51 | 001,240,088 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
PRC - [2012/05/04 17:43:27 | 009,478,320 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Spotify\spotify.exe
PRC - [2012/05/04 17:43:26 | 000,932,528 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de programas\Microsoft Security Client\MsMpEng.exe
PRC - [2009/07/22 10:16:52 | 000,431,408 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\Boot Camp\Bootcamp.exe
PRC - [2009/07/22 10:16:50 | 000,099,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\system32\AppleTimeSrv.exe
PRC - [2009/07/22 10:16:48 | 000,136,496 | ---- | M] () -- C:\WINDOWS\system32\AppleOSSMgr.exe
PRC - [2008/04/13 18:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2012/06/01 16:27:56 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/06/01 16:27:56 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/06/01 16:27:56 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/05/22 22:56:50 | 000,441,880 | ---- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\19.0.1084.52\ppgooglenaclpluginchrome.dll
MOD - [2012/05/22 22:56:49 | 003,922,456 | ---- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\19.0.1084.52\pdf.dll
MOD - [2012/05/22 22:55:24 | 000,134,696 | ---- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\19.0.1084.52\avutil-51.dll
MOD - [2012/05/22 22:55:23 | 000,250,408 | ---- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\19.0.1084.52\avformat-54.dll
MOD - [2012/05/22 22:55:21 | 002,375,720 | ---- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll
MOD - [2012/05/22 22:06:23 | 008,743,584 | ---- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
MOD - [2012/05/04 17:43:27 | 020,101,120 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\Spotify\Data\libcef.dll
MOD - [2012/05/04 17:43:26 | 000,932,528 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/05/02 23:41:54 | 004,050,944 | ---- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\SwiftShader\1.0.0.2\libGLESv2.dll
MOD - [2012/05/02 23:41:54 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\SwiftShader\1.0.0.2\libEGL.dll
MOD - [2009/07/22 10:16:48 | 000,136,496 | ---- | M] () -- C:\WINDOWS\system32\AppleOSSMgr.exe
========== Win32 Services (SafeList) ==========
SRV - [2012/06/01 16:25:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Arquivos de programas\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/06/01 16:10:48 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/20 22:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de programas\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de programas\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/07/22 10:16:50 | 000,099,632 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\WINDOWS\system32\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV - [2009/07/22 10:16:48 | 000,136,496 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV - [2008/07/29 18:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/04/13 18:21:22 | 000,073,728 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2008/04/13 18:21:12 | 000,113,664 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/13 18:21:12 | 000,113,664 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/13 18:20:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/13 18:20:36 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/13 18:20:34 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/13 18:20:24 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AmdLLD.sys -- (AmdLLD)
DRV - [2012/06/01 16:25:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2012/06/01 16:25:21 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2012/05/29 20:51:20 | 000,002,944 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bbcap.sys -- (bbcap)
DRV - [2011/07/01 06:46:40 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/08/11 09:00:20 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/07/22 14:13:15 | 000,013,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009/07/22 14:13:13 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2009/07/22 14:13:12 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009/07/22 10:14:49 | 005,056,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/22 10:14:46 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/07/22 10:14:45 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/07/22 10:12:28 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/07/22 10:11:44 | 000,005,760 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KeyAgent.sys -- (KeyAgent)
DRV - [2009/07/22 10:11:20 | 000,023,552 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KeyMagic.sys -- (KeyMagic)
DRV - [2009/07/22 10:11:18 | 000,048,000 | ---- | M] (Apple Inc.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\AppleHFS.sys -- (AppleHFS)
DRV - [2009/07/22 10:11:18 | 000,005,120 | ---- | M] (Apple Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\AppleMNT.sys -- (AppleMNT)
DRV - [2009/07/22 10:11:14 | 000,008,576 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV - [2008/04/13 18:02:32 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 17:59:02 | 000,800,000 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 11:14:30 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 10:32:38 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2006/10/13 13:48:26 | 000,050,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb20.sys -- (xusb20)
DRV - [2001/09/28 08:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKCU\..\SearchScopes,DefaultScope = {46C7EFB9-9393-4B84-9C33-2B2EFEB479E9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{46C7EFB9-9393-4B84-9C33-2B2EFEB479E9}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1426
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=1&sr=0&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Documents and Settings\Administrador\Dados de aplicativos\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2012/05/21 21:43:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins
[2012/04/26 21:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Extensions
[2012/05/29 21:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions
[2012/05/29 21:51:35 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012/05/29 20:32:15 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\searchplugins\Search_Results.xml
[2012/05/21 21:43:00 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions
[2012/04/18 20:51:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/21 21:47:32 | 000,340,198 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRADOR\DADOS DE APLICATIVOS\MOZILLA\FIREFOX\PROFILES\TMAJWE51.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012/04/20 22:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll
[2012/04/20 23:26:25 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml
[2012/04/20 23:26:25 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml
[2012/04/20 23:26:24 | 000,002,040 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\twitter.xml
[2012/04/20 23:26:25 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml
[2012/04/20 23:26:24 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrador\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrador\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrador\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Administrador\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Arquivos de programas\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrador\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Administrador\Configura\u00E7\u00F5es locais\Dados de aplicativos\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Documents and Settings\Administrador\Dados de aplicativos\Electronic Arts\Game Face\npGameFacePlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Pesquisa do Google = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: CSSViewer = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\ggfgijbpiheegefliciemofobhmofgce\1.3_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2001/09/28 08:00:00 | 000,000,776 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll (Scopus Tecnologia Ltda)
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Arquivos de programas\Boot Camp\Bootcamp.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Arquivos de programas\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [spotify Web Helper] C:\Documents and Settings\Administrador\Dados de aplicativos\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\ARQUIV~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A22811A-FEDC-49A7-A61B-67B51C178F50}: DhcpNameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D82881DA-8E84-4E7D-B340-8DFDDB2F4385}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\ARQUIV~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (C:\ARQUIV~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL) - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)
O22 - SharedTaskScheduler: {A3717295-941D-416F-9384-ED1736729F1C} - scpLIB - C:\Arquivos de programas\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/11 12:05:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/06/01 17:02:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/05/31 22:40:25 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft Security Client
[2012/05/31 22:22:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/05/31 21:33:06 | 000,000,000 | ---D | C] -- C:\ZHP
[2012/05/31 21:32:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\ZHP
[2012/05/31 21:32:20 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\ZHPDiag
[2012/05/30 19:24:08 | 000,000,000 | -H-D | C] -- C:\.fseventsd
[2012/05/29 22:24:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrador\Recent
[2012/05/29 21:43:30 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Wisdom-soft AutoScreenRecorder 3.1 Free
[2012/05/29 21:19:33 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Free Screen Video Capture by Topviewsoft
[2012/05/29 20:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Meus documentos\BB FlashBack Movies
[2012/05/29 20:51:20 | 000,027,776 | ---- | C] (Blueberry Consultants Ltd.) -- C:\WINDOWS\System32\bbcap.dll
[2012/05/29 20:51:20 | 000,004,608 | ---- | C] (Blueberry Consultants Ltd.) -- C:\WINDOWS\System32\bbchlp.dll
[2012/05/29 20:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Blueberry
[2012/05/29 20:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Blueberry
[2012/05/29 20:50:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Seven Zip
[2012/05/29 20:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\FreeScreenToVideo
[2012/05/29 20:32:16 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Free Screen To Video
[2012/05/27 03:48:10 | 000,065,536 | ---- | C] (Beepa P/L) -- C:\WINDOWS\System32\frapsvid.dll
[2012/05/21 21:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Mozilla
[2012/05/21 21:43:03 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Mozilla Maintenance Service
[2012/05/13 09:55:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Desktop\Seleção Gospel A&M Inglês
[2012/05/10 00:29:14 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Zamzom
[2010/08/11 22:40:42 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrador\Dados de aplicativos\pcouffin.sys
[4 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ]
[1 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/06/03 00:10:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/01 16:37:32 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/01 16:31:37 | 000,468,898 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2012/06/01 16:31:37 | 000,432,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/01 16:31:37 | 000,079,676 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2012/06/01 16:31:37 | 000,067,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/01 16:27:45 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/01 16:27:35 | 000,190,394 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/06/01 16:27:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/31 22:41:12 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/05/31 22:37:31 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2012/05/31 21:43:44 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin
[2012/05/31 21:32:22 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MBRCheck.lnk
[2012/05/31 21:32:22 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZHPDiag.lnk
[2012/05/31 21:32:22 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZHPFix.lnk
[2012/05/29 21:59:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/29 20:53:19 | 000,000,031 | ---- | M] () -- C:\WINDOWS\System32\bbcap.err
[2012/05/29 20:51:20 | 000,027,776 | ---- | M] (Blueberry Consultants Ltd.) -- C:\WINDOWS\System32\bbcap.dll
[2012/05/29 20:51:20 | 000,004,608 | ---- | M] (Blueberry Consultants Ltd.) -- C:\WINDOWS\System32\bbchlp.dll
[2012/05/29 19:20:35 | 000,002,969 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/05/27 03:48:10 | 000,065,536 | ---- | M] (Beepa P/L) -- C:\WINDOWS\System32\frapsvid.dll
[2012/05/24 22:42:26 | 000,002,442 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Google Chrome.lnk
[2012/05/21 21:43:07 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/05/21 20:56:36 | 000,002,681 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Zamzom Wireless Network Tool (Active).lnk
[2012/05/18 19:39:10 | 000,021,508 | -H-- | M] () -- C:\Documents and Settings\Administrador\Desktop\.DS_Store
[2012/05/18 19:38:24 | 000,015,364 | -H-- | M] () -- C:\Documents and Settings\Administrador\.DS_Store
[2012/05/18 19:38:04 | 000,015,364 | -H-- | M] () -- C:\.DS_Store
[2012/05/16 21:44:25 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[4 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ]
[1 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ]
========== Files Created - No Company Name ==========
[2012/06/01 16:07:24 | 000,000,902 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/31 22:50:51 | 000,000,422 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/31 22:40:52 | 000,001,746 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Security Essentials.lnk
[2012/05/31 22:11:29 | 000,001,912 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/05/31 21:43:44 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin
[2012/05/31 21:32:22 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MBRCheck.lnk
[2012/05/31 21:32:22 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZHPDiag.lnk
[2012/05/31 21:32:22 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZHPFix.lnk
[2012/05/29 20:53:19 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\bbcap.err
[2012/05/21 21:43:07 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Mozilla Firefox.lnk
[2012/05/10 00:29:14 | 000,002,681 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\Zamzom Wireless Network Tool (Active).lnk
[2012/04/26 19:35:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/19 00:17:16 | 000,054,036 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/16 20:32:57 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/03 22:44:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/09/03 22:52:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/03 18:54:47 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\PnkBstrK.sys
[2010/08/13 23:28:14 | 000,079,360 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/11 22:41:10 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\vso_ts_preview.xml
[2010/08/11 22:40:42 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\inst.exe
[2010/08/11 22:40:42 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\pcouffin.cat
[2010/08/11 22:40:42 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\pcouffin.inf
[2010/08/11 14:06:23 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/08/11 14:03:01 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2010/08/11 14:03:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2010/08/11 14:03:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2010/08/11 14:03:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2010/08/11 14:02:59 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/08/11 14:02:58 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/08/11 14:02:57 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/08/11 14:02:55 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2010/08/11 14:02:54 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/08/11 12:07:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/11 12:03:36 | 000,021,844 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/11 08:54:35 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/11 08:50:07 | 000,264,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
========== LOP Check ==========
[2010/08/26 01:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\.purple
[2011/06/12 18:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\BitTorrent
[2012/05/29 20:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Blueberry
[2011/07/18 22:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\BSplayer
[2011/07/18 22:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\BSplayer Pro
[2011/06/12 18:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\DAEMON Tools Lite
[2012/04/19 22:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\EditPlus 3
[2011/08/28 22:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Electronic Arts
[2012/05/29 22:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\FreeScreenToVideo
[2011/05/19 17:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\GetRightToGo
[2010/11/04 21:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Leadertech
[2011/12/21 00:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\mediabarim
[2011/10/15 22:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Origin
[2010/09/07 22:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Raptr
[2012/06/02 23:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Spotify
[2011/10/13 11:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2012/01/14 22:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent
[2012/02/20 13:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Vso
[2011/12/21 00:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\wincoreimband
[2012/05/29 21:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVAST Software
[2012/05/29 20:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Blueberry
[2010/08/11 09:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite
[2011/06/01 23:35:25 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\DSS
[2011/10/15 00:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\EA Core
[2011/10/15 00:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Electronic Arts
[2011/10/15 22:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Origin
[2010/08/13 23:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\vsosdk
========== Purity Check ==========
========== Files - Unicode (All) ==========
2010/08/29 20:11:10 | 000,000,000 | ---D | M -- C:\Documents and Settings\Administrador\Configuraes locais
[2010/08/11 11:34:25 | 000,004,096 | -H-- | M] ()(C:\._?) -- C:\._
[2010/08/11 11:33:36 | 000,004,096 | -H-- | C] ()(C:\._?) -- C:\._
(C:\Documents and Settings\Administrador\Configura??es locais) -- C:\Documents and Settings\Administrador\Configuraes locais
========== Alternate Data Streams ==========
@Alternate Data Stream - 20 bytes -> C:\WinBosta-icon:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Documents and Settings\All Users\Desktop\protocolo - telefonica.rtf:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Documents and Settings\All Users\Desktop\._raptr_installer_noair.exe:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Documents and Settings\All Users\Desktop\._protocolo - telefonica.rtf:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Documents and Settings\Administrador\Desktop\._Rio.2011.BluRay.720p.x264-ZMG.srt:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Documents and Settings\Administrador\Desktop\._Presentation1.pps:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Documents and Settings\Administrador\Desktop\._Black Swan 2010 DVDSCR XviD-TiMKY.srt:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Documents and Settings\Administrador\Desktop\._74984_avira_2009_free_90018.exe:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\.Trashes:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\.TemporaryItems:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\._WinBosta-icon:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\._.Trashes:Mac_Metadata
< End of report >
Good morning, logan_pa!
|- Run OTL.exe.
|- Copy this information, which is shown in red, into the tool's clipboard field ("Exames Personalizados Correções").
:OTL
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
[2012/05/29 21:51:35 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2010/08/13 23:28:14 | 000,079,360 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\ARQUIV~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (C:\ARQUIV~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (C:\ARQUIV~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - File not found
[4 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ]
[1 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ]
@Alternate Data Stream - 20 bytes -> C:\WinBosta-icon:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Documents and Settings\All Users\Desktop\protocolo - telefonica.rtf:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Documents and Settings\All Users\Desktop\._raptr_installer_noair.exe:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Documents and Settings\All Users\Desktop\._protocolo - telefonica.rtf:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Documents and Settings\Administrador\Desktop\._Rio.2011.BluRay.720p.x264-ZMG.srt:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Documents and Settings\Administrador\Desktop\._Presentation1.pps:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Documents and Settings\Administrador\Desktop\._Black Swan 2010 DVDSCR XviD-TiMKY.srt:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Documents and Settings\Administrador\Desktop\._74984_avira_2009_free_90018.exe:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\.Trashes:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\.TemporaryItems:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\._WinBosta-icon:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\._.Trashes:Mac_Metadata
:Files
%systemroot%\prefetch\.
C:\WINDOWS\tasks\*.job
:Commands
[CLEARALLRESTOREPOINTS]
[purity]
[emptytemp]
[Reboot]
|- Click the Consertar button -> Wait for it to finish!
|- The computer will restart! -> Click "Executar".
|- On English versions, click Run Fix, which is the same as Consertar.
|- Post the report: C:\_OTL\MovedFiles\*.log
Regards!
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf\ deleted successfully.
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components folder moved successfully.
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar folder moved successfully.
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully.
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully.
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully.
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully.
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio folder moved successfully.
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images folder moved successfully.
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default folder moved successfully.
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css folder moved successfully.
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels folder moved successfully.
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib folder moved successfully.
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully.
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets folder moved successfully.
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules folder moved successfully.
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib folder moved successfully.
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search folder moved successfully.
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data folder moved successfully.
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content folder moved successfully.
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully.
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\tmajwe51.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\ARQUIV~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\ARQUIV~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll deleted successfully.
C:\WINDOWS\DUMP5bdb.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
ADS C:\WinBosta-icon:Mac_Metadata deleted successfully.
ADS C:\Documents and Settings\All Users\Desktop\protocolo - telefonica.rtf:Mac_Metadata deleted successfully.
Unable to delete ADS C:\Documents and Settings\All Users\Desktop\._raptr_installer_noair.exe:Mac_Metadata .
ADS C:\Documents and Settings\All Users\Desktop\._protocolo - telefonica.rtf:Mac_Metadata deleted successfully.
Unable to delete ADS C:\Documents and Settings\Administrador\Desktop\._Rio.2011.BluRay.720p.x264-ZMG.srt:Mac_Metadata .
Unable to delete ADS C:\Documents and Settings\Administrador\Desktop\._Presentation1.pps:Mac_Metadata .
Unable to delete ADS C:\Documents and Settings\Administrador\Desktop\._Black Swan 2010 DVDSCR XviD-TiMKY.srt:Mac_Metadata .
Unable to delete ADS C:\Documents and Settings\Administrador\Desktop\._74984_avira_2009_free_90018.exe:Mac_Metadata .
ADS C:\.Trashes:Mac_Metadata deleted successfully.
ADS C:\.TemporaryItems:Mac_Metadata deleted successfully.
ADS C:\._WinBosta-icon:Mac_Metadata deleted successfully.
ADS C:\._.Trashes:Mac_Metadata deleted successfully.
========== FILES ==========
C:\WINDOWS\prefetch\AM_DELTA_PATCH_1.127.1145.0.E-38BB7A45.pf moved successfully.
C:\WINDOWS\prefetch\AM_DELTA_PATCH_1.127.1246.0.E-29CC5183.pf moved successfully.
C:\WINDOWS\prefetch\APPLEOSSMGR.EXE-3A65BF05.pf moved successfully.
C:\WINDOWS\prefetch\APPLETIMESRV.EXE-3491B773.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-04A4CC6F.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-04A4CC72.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-04A4CC73.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-04A4CC76.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-04A4CC7B.pf moved successfully.
C:\WINDOWS\prefetch\DEFRAG.EXE-10D9C910.pf moved successfully.
C:\WINDOWS\prefetch\DFRGNTFS.EXE-0F55FCE5.pf moved successfully.
C:\WINDOWS\prefetch\DW20.EXE-08ACECB4.pf moved successfully.
C:\WINDOWS\prefetch\EACORESERVER.EXE-31653F6D.pf moved successfully.
C:\WINDOWS\prefetch\FIFA.EXE-2DF20796.pf moved successfully.
C:\WINDOWS\prefetch\FIFACONFIG.EXE-0A600E48.pf moved successfully.
C:\WINDOWS\prefetch\FLASHPLAYERUPDATESERVICE.EXE-36A098FB.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLEUPDATE.EXE-1A422291.pf moved successfully.
C:\WINDOWS\prefetch\HELPSVC.EXE-281F45D0.pf moved successfully.
C:\WINDOWS\prefetch\INSTALL.EXE-0467CC15.pf moved successfully.
C:\WINDOWS\prefetch\Layout.ini moved successfully.
C:\WINDOWS\prefetch\LOGONUI.EXE-3164D1CB.pf moved successfully.
C:\WINDOWS\prefetch\MPCMDRUN.EXE-3A047575.pf moved successfully.
C:\WINDOWS\prefetch\MPSIGSTUB.EXE-07E76C9D.pf moved successfully.
C:\WINDOWS\prefetch\MSIEXEC.EXE-0CCC6E74.pf moved successfully.
C:\WINDOWS\prefetch\NOTEPAD.EXE-14D8974C.pf moved successfully.
C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf moved successfully.
C:\WINDOWS\prefetch\NVSVC32.EXE-1EE2BBFD.pf moved successfully.
C:\WINDOWS\prefetch\ORIGIN.EXE-045E97C9.pf moved successfully.
C:\WINDOWS\prefetch\OTL.EXE-20EA95ED.pf moved successfully.
C:\WINDOWS\prefetch\REGSVR32.EXE-10006695.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-2A22BAF7.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-2F9782C3.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-41D4F8AC.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-44FBFD19.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-459B2EFE.pf moved successfully.
C:\WINDOWS\prefetch\SASCORE.EXE-24B6ADA2.pf moved successfully.
C:\WINDOWS\prefetch\SPOTIFY.EXE-138337A2.pf moved successfully.
C:\WINDOWS\prefetch\SSUPDATE.EXE-291DA0EA.pf moved successfully.
C:\WINDOWS\prefetch\SVCHOST.EXE-072604B0.pf moved successfully.
C:\WINDOWS\prefetch\UPDATER.EXE-05196686.pf moved successfully.
C:\WINDOWS\prefetch\VCREDIST_X86.EXE-02F11BD1.pf moved successfully.
C:\WINDOWS\prefetch\VERCLSID.EXE-3B227142.pf moved successfully.
C:\WINDOWS\prefetch\WMIADAP.EXE-307DE719.pf moved successfully.
C:\WINDOWS\prefetch\WMIPRVSE.EXE-0E69CB0B.pf moved successfully.
C:\WINDOWS\prefetch\WUAUCLT.EXE-12D8E25E.pf moved successfully.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
[EMPTYTEMP]
User: Administrador
->Temp folder emptied: 1073324 bytes
->Temporary Internet Files folder emptied: 18755612 bytes
->FireFox cache emptied: 51975058 bytes
->Google Chrome cache emptied: 250673643 bytes
->Flash cache emptied: 59360 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
User: LocalService
->Temp folder emptied: 82513 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 29590 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 593623 bytes
RecycleBin emptied: 52128309 bytes
Total Files Cleaned = 358,00 mb
OTL by OldTimer - Version 3.2.46.0 log created on 06032012_151129
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Good morning, logan_pa!
|- Download: |DelFix| ( ... by Xplode )
|- Once on the page, click the green arrow to download. ( Green arrow! )
|- Save it somewhere convenient! ( desktop! )
|- Close any open applications.
|- Click "Suppression".
|- Post the report! ( C:\DelFixSuppr.txt )
|- Next, to remove DelFix from your computer, click "Désinstallation".
-/-
|- < Link - 2 >
|- < Link - 3 >
|- Update the program!
|- Choose the Full scan!
|- Disable protection programs while running Malwarebytes.
|- When it finishes, click "Remover itens".
|- Post the report: mbam-log-2012-xx-xx (00-00-00).txt
Regards!
Topic Archived
As the author did not reply for more than 10 days, the topic was archived.
Good morning, logan_pa!
|- Open Spybot Search & Destroy!
|- In the top menu, go to Mode and select the Advanced option. -> Confirm!
|- Click the Tools button and then Resident.
|- Uncheck the option: Enable the Resident "TeaTimer". ( *Protection of **overall** system settings* )
|- Also uncheck "Resident SDHelper".
|- When the disinfection is finished, re-enable TeaTimer protection.
|- I should mention that on French forums it is customary to ask for Spybot to be uninstalled, because it blocks procedures and/or uses outdated technology.
|- PS: Are you without an antivirus?
-/-/-
|- Download: < AdwCleaner > ( ... by Xplode )
|- Once there, click the image: < AdwCleaner_Tlcharger.jpg >
|- Save it to the desktop!
|- PS: Start the scan by clicking "Delete" or "Suppression".
|- When it finishes, post the report: C:\AdwCleaner[S].txt
-/-/-
|- Download: | ZHPDiag2 | ( ... by Nicolas Coolman )
|- Save it to the desktop!
|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.
|- Confirm every step when installing ZHPDiag.
|- Finish the installation by clicking "Termine".
|- PS: After installation, besides ZHPScript, the following will be available on the desktop:
|- <1> MBRCheck
|- <2> ZHPDiag2
|- <3> ZHPFix
|- Click the scroll icon. ( ZHPScript )
|- Click the green arrow to update it and/or download its latest definition. ( Your version is update. )
|- Enable all diagnostic options by clicking "Options".
|- Click All.
|- Click "Calendar" and choose 30 days!
|- Start the scan by clicking the magnifying-glass icon. ( Start Diagnosis )
|- When it finishes, click "Save Report".
|- PS: Save it somewhere convenient!
|- Attach ZHPDiag.txt to your reply.
|- PS: Do not post this text file directly.
|- I recommend compressing it and attaching it to your reply!
|- Or send it to Pjjoint.malekal by clicking the blue arrow!
|- Or go to: < wikisend.jpg >
|- To upload, follow the path: Choose file... -> Open -> Upload file
|- Post the address shown under "Download link" or "Forum link".
|- Or go to: < Cjoint_Logo.jpg > ( Take it out of the zip when uploading! )
|- More information: < |Link| >
Regards!